General

Target: 6df70a060343d815cce55a815bc902e9012348ee4e3a994fa9ba6798b56ec062
Size: 684KB
Sample: 220521-ne8wasggbn
MD5: 9dc8aec70ae8a12970ca3fadfc69be58
SHA1: f830626e5a0b0e6efae6e8aab1400b75ef3e6cb3
SHA256: 6df70a060343d815cce55a815bc902e9012348ee4e3a994fa9ba6798b56ec062
SHA512: aa04822cd67a343a0e46ac74a5b7239fa9501f1781fe90d2f1f95677c3beda2bd0fd2170881a3931f85f11ae9ba6a0f67af6f3d842fd68da1ae46d211b2717ea
Static task: static1

Behavioral task: behavioral1
Sample: New Order.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: New Order.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.samudrapanel.com
Port: 587
Username: sce.info@samudrapanel.com
Password: weslali234
Targets

Target: New Order.exe
Size: 869KB
MD5: e7a62e44471fd6abc3504e8a2c9aad8d
SHA1: 8c1eef5d681711e7ca1baff2e238e169640f10b6
SHA256: e1352f1e22cd357785da410433229d313fa681a836c5cb469b9a88588e88cf0b
SHA512: 02f32ec53318bfc9baf4eeb89d779309ab86eaa3d4a22499719417e64a43fe89fd8d130316a93834a4feaeb637c3e0a838f5c02b772ae191cc716ae1850549bd
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext